LISTING OF THE CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1 . (previously presented) An authentication system for mutual authentication between a 
terminal and a server wherein the terminal comprises: 

a memory means that pre-stores an authentication information P' for terminal storage; 

a concatenation means that yields a value P using a specific calculation formula in 
response to the input of the authentication information P' read from the memory means and a 
password entered for authentication; 

a mask operation means that yields a value Yl using a specific calculation formula with 
the input value P and an internally generated random number, and then sends Yl to the server; 
and 

a master key generation means that yields a value MK using a specific calculation 
formula with the input value P, an internally generated random number and a value Y2 received 
from a server that comprises: 

a memory means that pre-stores a password verification data H for server registration; 

a mask operation means that yields a value Y2 using a specific calculation formula with 
the input of the password verification data H read from the memory means and an internally 
generated random number, and then sends Y2 to the terminal; and 

a master key generation means that yields a value MK using a specific calculation 
formula with the input of the password verification data H, an internally generated random 
number and the value Yl received from the terminal. 

2. (previously presented) The authentication system according to Claim 1 further 
comprising a data extension means that yields the password verification data H and the 
authentication information P' based on a password previously-determined by the user. 
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3. (previously presented) The authentication system according to Claim 1 wherein the 
terminal further comprises: 

an authentication result verification means that yields a value VI using a specific 
calculation formula with the input of the value MK, sends VI to the server and compares a value 
V2 received from the server with a value V2 obtained using a specific calculation formula with 
the input of the value MK and, if they match, authenticates the server, 

and the server further comprises: 

an authentication result verification means that yields a value V2 using a, specific 
calculation formula with the input of the value MK, sends V2 to the terminal and compares a 
value VI received from the terminal with a value VI obtained using a specific calculation 
formula with the input of the value MK and, if they match, authenticates the terminal. 

4. (previously presented) The authentication system according to Claim 3 wherein each 
of the terminal and the server comprises a session key generation means that generates a session 
key when they are mutually authenticated. 

5. (previously presented) The authentication system according to Claim 1 wherein the 
authentication information P' is a polynomial equation. 

6. (previously presented) The authentication system according to Claim 1 wherein the 
authentication information P' is a polynomial equation and a hash function. 

7. (previously presented) The authentication system according to Claim 1 wherein the 
authentication information P' is a hash function. 

8. (previously presented) The authentication system according to Claim 1 wherein the 
authentication information P' is a pseudo random number generator. 
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9. (previously presented) A computer readable storage medium storing an 
authentication program that runs on the terminal of an authentication system for mutual 
authentication between a terminal and a server wherein the program allows a computer to 
execute: 

a memory process to pre-store an authentication information P' for terminal storage; 

a concatenation process to yield a value P using a specific calculation formula with the 
input of the stored authentication information P' and a password entered for authentication; 

a mask operation process to yield a value Yl using a specific calculation formula with the 
input value P and an internally generated random number, and then send Yl to the server; and 

a master key generation process to yield a value MK using a specific calculation formula 
with the input value P, an internally generated random number and a value Y2 received from the 
server. 

1 0. (previously presented) The computer readable storage medium storing the 
authentication program according to Claim 9 wherein the program further allows a computer to 
execute a data extension process to yield the authentication information P' based on a password 
previously-determined by the user. 

1 1 . (previously presented) The computer readable storage medium storing the 
authentication program according to Claim 9 wherein the program further allows a computer to 
execute an authentication result verification process to yield a value VI using a specific 
calculation formula with the input of the value MK, send VI to the server and compare a value 
V2 received from the server with a value V2 obtained using a specific calculation formula with 
the input of the value MK and, if they match, authenticate the server. 

12. (previously presented) A computer readable storage medium storing an 
authentication program that runs on the server of an authentication system for mutual 
authentication between a terminal and a server wherein the program allows a computer to 
execute: 

a memory process to pre-store a password verification data H for server registration; 
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a mask operation process to yield a value Y2 using a specific calculation formula with the 
input of the stored password verification data H and an internally generated random number, and 
then send Y2 to the terminal; and 

a master key generation process to yield a value MK using a specific calculation formula 
with the input of the password verification data H, an internally generated random number and a 
value Yl received from the terminal. 

1 3 . (previously presented) The computer readable storage medium storing the 
authentication program according to Claim 12 wherein the program further allows a computer to 
execute a data extension process to yield the password verification data H based on a password 
previously-determined by the user. 

14. (previously presented) The computer readable storage medium storing the 
authentication program according to Claim 12 wherein the program further allows a computer to 
execute an authentication result verification process to yield a value V2 using a specific 
calculation formula with the input of the value MK, send V2 to the terminal and compare a value 
VI received from the terminal with a value VI obtained using a specific calculation formula with 
the input of the value MK and, if they match, to authenticate the terminal. 

1 5 . (previously presented) The computer readable storage medium storing the 
authentication program according to Claim 1 1 wherein each of the terminal and the server 
comprises a session key generation process to generate a session key when they are mutually 
authenticated. 

16. (previously presented) The computer readable storage medium storing the 
authentication program according to Claim 9 wherein the authentication information P' is a 
polynomial equation. 
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17. (previously presented) The computer readable storage medium storing the 
authentication program according to Claim 9 wherein the authentication information P' is a 
polynomial equation and a hash function. 

18. (previously presented) The authentication program according to Claim 9 wherein 
the authentication information P' is a hash function. 

1 9. (previously presented) The computer readable storage medium storing the 
authentication program according to Claim 9 wherein the authentication information P' is a 
pseudo random number generator. 

20. (previously presented) The authentication system according to Claim 2 wherein the 
terminal comprises: 

a generation means that generates an update information T'; and 
an update information generation means that yields a password verification data H' for 
server update and a new authentication information P' using a specific calculation formula with 
the input of authentication information P' stored in the memory means and the update 
information T\ sends the password verification data H' for server update to the server, and stores 
the new authentication information P' in the memory means, 
and the server comprises: 

an update information generation means that yields a new password verification data H 
using a specific calculation formula with the input of password verification data H'for server 
update sent from the terminal and password verification data H stored in the memory means, and 
then updates the password verification data H stored in the memory means. 

21 . (previously presented) The authentication system according to Claim 2 wherein the 
terminal comprises: 

a generation means that generates a secret information S'; and 

an update information generation means that yields a password verification data H' for 
server update and a new authentication information P' using a specific calculation formula with 
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the input of an authentication information P' stored in the memory means, the secret information 
S' and a new password, sends the password verification data H' for server update to the server, 
and then stores the new authentication information P' in the memory means, 
and the server comprises: 

an update information generation means that yields a new password verification data H 
using a specific calculation formula with the input of password verification data H'for server 
update sent from the terminal and password verification data H stored in the memory means, and 
then updates the password verification data H stored in the memory means. 

22. (previously presented) An authentication system for mutual authentication between 
a terminal and a server wherein the terminal comprises: 

a memory means that pre-stores an authentication information P' for terminal storage and 
an RSA public key (N, e); 

a concatenation means that yields a value W using a specific calculation formula with the 
input of the authentication information P' read from the memory means and a password entered 
for authentication; and 

a mask operation means that yields a value Z using a specific calculation formula with the 
input of the value W, RSA public key (N, e) read from the memory means and an internally 
generated random number T, and then sends Z to the server, 

and the server comprises: 

a memory means that pre-stores a password verification data H for server registration and 
an RSA private key (N, d); and 

a master key generation means that yields a value T using a specific calculation formula 
with the input of the password verification data H and RSA private key (N, d) read from the 
memory means and a value Z received from the terminal. 

23. (previously presented) The authentication system according to Claim 22 wherein 
comprising a data extension means that yields the password verification data H and the 
authentication information P' based on a password previously-determined by the user. 
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24. (previously presented) The authentication system according to Claim 22 wherein 
comprising an RSA key generation means that yields the RSA public key (N, e) and the RS A 
private key (N, d). 

25. (previously presented) The authentication system according to Claim 22 wherein 
the terminal further comprises: 

an authentication result verification means that compares a value V2 received from the 
server with a value V2 obtained using a specific calculation formula with the input of the random 
number T and, if they match, authenticates the server; and 

a verifier generation means that yields a value VI using a specific calculation formula 
with the input of the random number T and sends VI to the server, 

and the server further comprises: 

a verifier generation means that yields a value V2 using a specific calculation formula 
with the input of the value T and sends V2 to the terminal; and 

an authentication result verification means that compares a value VI received from the 
terminal with a value VI obtained using a specific calculation formula with the input of the value 
T and, if they match, authenticates the terminal. 

26. (previously presented) The authentication system according to Claim 25 wherein 
each of the terminal and the server comprises a session key generation means that generates a 
session key when they are mutually authenticated. 

27. (previously presented) The authentication system according to Claim 22 wherein 
the authentication information P' is a polynomial equation and an FDH function. 

28. (previously presented) The authentication system according to Claim 22 wherein 
the authentication information P' is an FDH function. 



29. (previously presented) The authentication system according to Claim 22 wherein 
the RSA public key (N, e) uses secure communication. 
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30. (previously presented) The authentication system according to Claim 22 wherein 
the RSA public key (N, e) uses insecure communication. 

3 1 . (previously presented) A computer readable storage medium storing an 
authentication program that runs on a terminal of an authentication system for mutual 
authentication between a terminal and a server wherein the program allows a computer to 
execute: 

a memory process to pre-store an authentication information P' for terminal storage and 
an RSA public key (N, e); 

a concatenation process to yield a value W using a specific calculation formula with the 
input of the stored authentication information P' and a password entered for authentication; and 

a mask operation process to yield a value Z using a specific calculation formula with the 
input of the value W, the stored RSA public key (N, e), and an internally generated random 
number T, and then send Z to the server. 

32. (previously presented) The computer readable storage medium storing the 
authentication program according to Claim 31 wherein the program further allows a computer to 
execute a data extension process to yield authentication information P' based on a password 
previously-determined by the user. 

33 . (previously presented) The computer readable storage medium storing the 
authentication program according to Claim 31 wherein the program further allows a computer to 
execute an RSA key generation process to yield the RSA public key (N, e). 

34. (previously presented) The computer readable storage medium storing the 
authentication program according to Claim 3 1 wherein the program further allows a computer to 
execute: 

an authentication result verification process to compare a value V2 received from the 
server with a value V2 obtained using a specific calculation formula with the input of the random 
number T and, if they match, authenticate the server; and 
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a verifier generation process to yield a value VI using a specific calculation formula with 
the input of the random number T and send VI to the server. 

35. (currently amended) A computer readable storage medium storing an 
authentication program that runs on a server of an authentication system for mutual 
authentication between a terminal and a server wherein the program allows a computer to 
execute: 

a memory process to pre-store a password verification data H for server registration and 
an RSA private key (N, d); and 

a master key generation process to yield a value T using a specific calculation formula 
with the input of the stored password verification data H, RSA private key (N, d) and a value Z, 
wherein the value Z represents a result of a mask operation process and received from the 
terminal. 

36. (previously presented) The computer readable storage medium storing the 
authentication program according to Claim 35 wherein the program further allows a computer to 
execute a data extension process to yield the password verification data H based on a password 
previously-determined by the user. 

37. (previously presented) The computer readable storage medium storing the 
authentication program according to Claim 35 wherein the program further allows a computer to 
execute an RSA key generation process to yield the RSA private key (N, d). 

3 8 . (previously presented) The computer readable storage medium storing the 
authentication program according to Claim 35 wherein the program further allows a computer to 
execute: 

a verifier generation process to yield a value V2 using a specific calculation formula with 
the input of the value T and send V2 to the terminal; and 

an authentication result verification process to compare a value VI received from the 
server with a value VI obtained using a specific calculation formula with the input of the value T 
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and, if they match, to authenticate the terminal. 

39. (previously presented) The computer readable storage medium storing the 
authentication program according to Claim 34 wherein each of the terminal and the server 
comprises a session key generation process to generate a session key when they are mutually 
authenticated. 

40. (previously presented) The computer readable storage medium storing the 
authentication program according to Claim 31 wherein that the authentication information P' is a 
polynomial equation and an FDH function. 

41 . (previously presented) The computer readable storage medium storing the 
authentication program according to Claim 31 wherein the authentication information P' is an 
FDH function. 

42. (previously presented) The computer readable storage medium storing the 
authentication program according to Claim 31 wherein the RSA public key (N, e) uses secure 
communication. 

43. (previously presented) The computer readable storage medium storing the 
authentication program according to Claim 31 wherein the RSA public key (N, e) uses insecure 
communication. 

44. (previously presented) The authentication system according to Claim 23 wherein 
the terminal comprises: 

a generation means that generates an update information T'; and 
an update information generation means that yields a password verification data H' for 
server update and a new authentication information P' using a specific calculation formula with 
the input of an authentication information P' stored in the memory means and the update 
information T', sends the password verification data H' for server update to the server, and stores 
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the new authentication information P' in the memory means, 
and the server comprises: 

an update information generation means that yields a new password verification data H 
using a specific calculation formula with the input of the password verification data H'for server 
update sent from the terminal and a password verification data H stored in the memory means, 
and then updates the password verification data H stored in the memory means. 

45. (previously presented) The authentication system according to Claim 22 wherein 
the terminal comprises: 

an update information generation means that yields a new authentication information P' 
using a specific calculation formula with the input of an authentication information P' stored in 
the memory means and the random number T, and then stores the new authentication information 
P' in the memory means, 

and the server comprises: 

an update information generation means that yields a new password verification data H 
using a specific calculation formula with the input of a password verification data H stored in the 
memory means and a value T yielded by the master key generation means, and then updates the 
password verification data H stored in the memory means 

46. (previously presented) The authentication system according to Claim 23 wherein 
the terminal comprises: 

a generation means that generates a secret information S'; and 

an update information generation means that yields a password verification data H' for 
server update and a new authentication information P' using a specific calculation formula with 
the input of authentication information P' stored in the memory means, the secret information S' 
and a new password, sends the password verification data H' for server update to the server, and 
then stores the new authentication information P' in the memory means, 

and the server comprises: 

an update information generation means that yields a new password verification data H 
using a specific calculation formula with the input of password verification data H'for server 
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update sent from the terminal and password verification data H stored in the memory means, and 
then updates the password verification data H stored in the memory means. 

47. (previously presented) A remotely-distributed storage system that conducts mutual 
authentication between a terminal and multiple servers, distributes terminal data to be stored, and 
stores them on the servers wherein the terminal comprises: 

a data extension means that yields a password verification data H for server registeratioin 
and an authentication information P' for terminal storage based on a password previously- 
determined by the user; 

a memory means that pre-stores the authentication information P' yielded by the data 
extension means; 

a concatenation means that yields a value P using a specific calculation formula with the 
input of the authentication information P' read from the memory means and a password entered 
for authentication; 

a mask operation means that yields a value Yl using a specific calculation formula with 
the input value P and an internally generated random number, and then sends Yl to the server; 

a master key generation means that yields a value MK using a specific calculation 
formula with the input of the value P, an internally generated random number and a value Y2 
received from the server; 

an authentication result verification means that yields a value VI using a specific 
calculation formula with the input of the value MK, sends VI to the server and compares a value 
V2 received from the server with the value VI and, if they match, authenticates the server; 
a session key generation means that generates the same number of session keys SK as the number 
of servers when the servers are authenticated; 

a data dividing means that divides the data to be stored and yields the same number of 
divided data as the number of authenticated servers; 

a data storing means that encodes the divided data and an identification information for 
identifying the data to be stored using the session keys SK shared with the storing servers, and 
then sends them to the servers; and 

a data decoding means that receives the divided data from the servers where the data are 
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stored, and then decodes the stored data, 
and the server comprises: 

a memory means that pre-stores a password verification data H yielded by the data 
extension means; 

a mask operation means that yields a value Y2 using a specific calculation formula with 
the input of a password verification data H read from the memory means and an internally 
generated random number, and then sends Y2 to the terminal; 

a master key generation means that yields a value MK using a specific calculation 
formula with the input of the password verification data H, an internally generated random 
number and a value Yl received from the terminal; 

an authentication result verification means that yields a value V2 using a specific 
calculation formula with the input of the value MK, sends Y2 to the terminal and compares a 
value VI received from the terminal with the value V2 and, if they match, authenticates the 
terminal; 

a session key generation means that generates a session key SK when the terminal is 
authenticated; 

a data receiving means that receives divided data from the terminal; 
a data storing means that stores the divided data; and 

a data transfer means that reads the divided data stored in the data storing means and 
sends them to the terminal. 

48. (previously presented) The remotely-distributed storage system according to Claim 
47 wherein that some of the divided data are stored on the terminal. 

49. (previously presented) A computer readable storage medium storing a remotely- 
distributed storage program that runs on a terminal of a remotely-distributed storage system that 
conducts mutual authentication between a terminal and multiple servers, distributes terminal data 
to be stored, and stores them on the servers wherein the program allows a computer to execute: 

a data extension process to yield a password verification data H for server registration and 
an authentication information P' for terminal storage based on a password previously-determined 
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by the user; 

a memory process to pre-store the authentication information P' yielded in the data 
extension process; 

a concatenation process to yield a value P using a specific calculation formula with the 
input of the authentication information P' read from the memory process and a password entered 
for authentication; 

a mask operation process to yield a value Yl using a specific calculation formula with the 
input of value P and an internally generated random number, and then send Yl to the server; 

a master key generation process to yield a value MK using a specific calculation formula 
with the input of the value P, an internally generated random number and a value Y2 received 
from the server; 

an authentication result verification process to yield a value VI using a specific 
calculation formula with the input of the value MK, send VI to the server and compare a value 
V2 received from the server with the value VI and, if they match, authenticate the server; 

a session key generation process to generate the same number of session keys SK as the 
number of servers when the servers are authenticated; 

a data dividing process to divide the data to be stored and yield the same number of 
divided data as the number of authenticated servers; 

a data storing process to encode the divided data and an identification information for 
identifying the data to be stored using the session keys SK shared with the storing servers, and 
then send them to the servers; and 

a data decoding process to receive the divided data from the servers where the data are 
stored, and then decode the stored data. 

50. (previously presented) A computer readable storage medium storing a remotely- 
distributed storage program that runs on a server of a remotely-distributed storage system that 
conducts mutual authentication between a terminal and multiple servers, distributes terminal data 
to be stored, and stores them on the servers wherein the program allows a computer to execute: 

a memory process to pre-store a password verification data H yielded in a data extension 
process; 
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a mask operation process to yield a value Y2 using a specific calculation formula with the 
input of a password verification data H read from the memory process and an internally 
generated random number, and then send Y2 to the terminal; 

a master key generation process to yield a value MK using a specific calculation formula 
with the input of the password verification data H, an internally generated random number and a 
value Yl received from the terminal; 

an authentication result verification process to yield a value V2 using a specific 
calculation formula with the input of the value MK, send V2 to the terminal and compare a value 
VI received from the terminal with the value V2 and, if they match, to authenticate the terminal; 

a session key generation process to generate a session key SK when the terminal is 
authenticated; 

a data receiving process to receive divided data from the terminal; 
a data storing means to store the divided data; and 

a data transfer process to read the divided data stored in the data storing process and send 
them to the terminal. 
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